- ConnectOnCall healthcare software suffers data breach
- Data from more than 900,000 patients was accessed for three months.
- This leaves patients at risk of identity theft.
Software company Phreesia has notified 914,138 people whose personal and health information was exposed by a data breach in May 2023 after using its ConnectOnCall software, which provides an after-hours calling service between patients and doctors.
An investigation has revealed that an unknown third party accessed ConnectOnCall data between February 16 and May 12, 20203, meaning that sensitive provider-patient communications were compromised, including medical records, prescription information , full names and telephone numbers, with a “small number”. of the social security numbers also exposed.
The incident has taken ConnectOnCall services offline until the service can be fully assessed and restored, and Phreesia is working with authorities to establish the potential impact.
The risks for patients.
ConnectOnCall has offered identity and credit monitoring services, but only to customers whose Social Security numbers have been exposed. For those not included, better identity theft protection might be of some help.
Although there is no evidence of malicious activity in connection with the breach so far, access by unknown actors to health data always represents a significant risk.
“The ConnectOnCall service remains offline and we are working diligently to assess the potential impact and restore service,” the company statement said.
“While ConnectOnCall is not aware of any misuse of personal information or harm to patients as a result of this incident, potentially affected individuals are encouraged to remain vigilant and report any suspected identity theft or fraud to their health plan. , insurer or financial institution. “
The news is the latest in a series of healthcare breaches in 2024, in which cybercriminals will target the industry thanks to the sensitive nature of the data stored and the critical nature of the service provided.